
ThreatFox IOCs for 2025-03-29

Severity: Medium
Published: Sat Mar 29 2025 (03/29/2025, 00:00:00 UTC)
Source: ThreatFox
Vendor/Project: type
Product: osint

Description

ThreatFox IOCs for 2025-03-29

AI-Powered Analysis

Last updated: 06/19/2025, 15:18:18 UTC

Technical Analysis

The provided threat intelligence pertains to a malware-related report titled 'ThreatFox IOCs for 2025-03-29' sourced from ThreatFox, an OSINT (Open Source Intelligence) platform. The report appears to aggregate Indicators of Compromise (IOCs) relevant to malware threats identified on the specified date. However, the technical details are minimal, with no specific malware family, attack vectors, or affected software versions disclosed. The threat level is indicated as 2 on an unspecified scale, with analysis and distribution scores of 1 and 3 respectively, suggesting moderate dissemination but limited detailed analysis. There are no known exploits in the wild linked to this threat at the time of publication, and no patches or mitigations are directly referenced. The absence of CWEs (Common Weakness Enumerations) and specific technical indicators limits the granularity of the threat characterization. The classification under 'type:osint' and 'tlp:white' implies that the information is publicly shareable and intended for broad dissemination within the cybersecurity community. Overall, this entry serves as a situational awareness update rather than a detailed technical advisory, highlighting the presence of malware-related IOCs without elaboration on their nature or operational impact.

Potential Impact

Given the limited technical details and absence of known exploits, the immediate impact on European organizations is likely constrained. However, the presence of malware IOCs indicates potential ongoing or emerging threats that could target various sectors. European organizations relying on OSINT tools or threat intelligence feeds may benefit from incorporating these IOCs into their detection mechanisms to enhance situational awareness. The medium severity rating suggests a moderate risk level, possibly reflecting the potential for malware infections that could affect confidentiality, integrity, or availability if exploited. Without specific malware behavior or targeted sectors, the impact assessment remains generalized. Nonetheless, organizations in critical infrastructure, finance, and government sectors should remain vigilant, as malware threats can evolve rapidly and may be leveraged in broader cyber-espionage or disruption campaigns. The lack of known exploits in the wild reduces immediate urgency but does not preclude future exploitation.

Mitigation Recommendations

To effectively mitigate risks associated with this threat, European organizations should:

1) Integrate the provided IOCs into existing Security Information and Event Management (SIEM) and Endpoint Detection and Response (EDR) systems to enable proactive detection of related malware activity.
2) Conduct regular threat hunting exercises focusing on the indicators shared by ThreatFox to identify any latent infections or suspicious behaviors.
3) Maintain up-to-date malware signatures and heuristic detection capabilities within antivirus and anti-malware solutions to catch variants related to these IOCs.
4) Enhance user awareness training emphasizing cautious handling of unsolicited files and links, as malware often propagates through social engineering.
5) Collaborate with national Computer Security Incident Response Teams (CSIRTs) and share any findings to contribute to collective defense efforts.
6) Since no patches are indicated, focus on hardening endpoint configurations, applying the principle of least privilege, and ensuring robust network segmentation to limit potential malware spread.

These targeted actions go beyond generic advice by emphasizing IOC integration, active threat hunting, and inter-organizational collaboration.


Technical Details

Threat Level: 2
Analysis: 1
Distribution: 3
UUID: 8a6f5eff-c048-413e-be20-2310eaeb9117
Original Timestamp: 1743292985

Indicators of Compromise

File

Hash

Url


Domain


Threat ID: 682c7db7e8347ec82d2bd550

Added to database: 5/20/2025, 1:03:51 PM

Last enriched: 6/19/2025, 3:18:18 PM

Last updated: 8/15/2025, 12:42:24 AM
